First published: Tue Mar 03 2020
Credit: cve-assign@fb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Facebook HHVM | <4.8.7 | |
Facebook HHVM | >=4.9.0 <=4.32.0 | |
Facebook HHVM | >=4.33.0 <=4.38.0 | |
Facebook HHVM | =4.39.0 | |
Facebook HHVM | =4.40.0 | |
Facebook HHVM | =4.41.0 | |
Facebook HHVM | =4.42.0 | |
Facebook HHVM | =4.43.0 | |
Facebook HHVM | =4.44.0 | |
Facebook HHVM | =4.45.0 | |
CVE-2020-1893 is a vulnerability in HHVM that allows an out-of-bounds memory read when decoding JSON, potentially leading to denial of service (DoS) attacks.
HHVM versions 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, and all versions between 4.9.0 and 4.38.0 (inclusive) are affected by CVE-2020-1893.
CVE-2020-1893 has a severity rating of 7.5, which is considered high.
CVE-2020-1893 can be exploited by sending specially crafted JSON data to the vulnerable HHVM server, triggering the out-of-bounds memory read.
A security update is available for HHVM to address CVE-2020-1893. It is recommended to update to a patched version of HHVM as soon as possible.